[Politech] Hack the tech: a possible counter-RFID strategy [priv]

From: Declan McCullagh (declan@private)
Date: Tue May 04 2004 - 21:41:47 PDT

  • Next message: Declan McCullagh: "[Politech] Michael Geist on Canadian law and punishing spammers [sp]"

    -------- Original Message --------
    Subject: A possible counter-RFID strategy
    Date: Mon, 3 May 2004 07:57:30 -0400
    From: Rich Kulawiec <rsk@private>
    To: Declan McCullagh <declan@private>
    
    (An edit of something I sent to the folks at nocards.org last summer)
    
    Having followed the recent RFID-related messages on Politech, I thought
    I'd send this along.
    
    First, a small historical diversion: back in the 1980's, there were rumors
    that the NSA had a complete Usenet feed going into its data centers.
    In reaction, Usenet article authors began to include what were called
    "NSA fodder" in the headers and bodies of their articles; text strings like:
    
    	Moscow nuke Iran Kremlin secret spy CIA transmission
    
    were put there to (at least in theory) cause the text-analysis programs
    and perhaps the human beings analyzing the incoming data at the NSA to
    work a bit harder.
    
    Nobody (I hope) took this very seriously, but it does illustrate
    an interesting point about approaches to frustrating unwanted
    data collection, and that is that there are two ways to do that:
    
    	1. Deny the data to the collectors.
    	2. Give them all the data they could possibly hope for...
    	   but fill it with so much noise that it's useless.
    
    In the case of RFID tags, so many people are all over their deployment
    that approach #1 may now be effectively impossible.
    
    Fine.  Let them knock themselves out putting RFID tags on and in
    everything and tracking them and accumulating all the data, and
    spending lots and lots of money and time setting all that up.
    
    Meanwhile, let's try approach #2.
    
    After all, there's no reason why you and I can't have our own RFID
    scanners, and locate the tags that we happen to find in our possession,
    now is there?  And if I felt like, oh, removing the tag from my new
    shirt and sticking it in a city bus seat, or extracting the tag from
    a new lawn sprinkler and putting it in on a shopping cart back at the
    store where I bought it, well, why not?
    
    Now imagine the consequences if 20 million people did the same.
    
    We could even have little exchanges where we throw all our tags in a
    pile and randomly take some away to play with -- the point being that
    then not even *we* know what happened to them.
    
    I find it very satisfying to think that someone trying to figure out where
    my bicycle helmet is at the moment will actually be tracking a Walmart
    (rushing headlong toward adoption of RFID) manager's car that happened
    to parked somewhere nearby when I felt like transplanting the RFID tag.
    
    RFID tags from all kinds of things could be randomly planted everywhere:
    in an airplane seat, in a newspaper at the library, in a copy of a rented
    video, EVERYWHERE.  Some could be transplanted to similar items; others
    to completely different ones.  And so on.
    
    I'm not suggesting that anyone abandon the fight against the intrusive
    and abusive uses of RFID by any means; I'm just suggesting that one
    possible countermeasure to make whatever deployment goes forward far
    less effective than its backers hope is to cause their RFID trackers to
    record huge amounts of completely useless data. [1]  This is relatively
    easy to do, and could actually be turned into a rather amusing exercise
    in competitive ingenuity. [2]
    
    But more seriously, if a sufficient number of people participate, and thus
    a sufficient number of RFID tags are pressed into service generating bogus
    data, it will discredit them and devalue their usefulness, thus discouraging
    their further adoption and undercutting attempts to rely on them for
    some of their more Orwellian possible uses.
    
    It's a shame that something like this is necessary: but given the total
    lack of respect for privacy and any semblance of self-restraint on the
    part of governments and corporations, it is.
    
    --Rsk
    
    [1] Most importantly, "useless data" that will be very difficult to
    distinguish from useful data.  Every communications engineer learns
    that separating signal from noise is relatively easy when they have
    very different properties, but much harder when they're the same.
    Hence the need to transplant at least some RFID tags to similar items,
    thus generating bogus but hard-to-spot-as-bogus data.
    
    [2] "I'd like to thank you for coming to testify before our committee
    today, Mr. Ashton, and as my first question, I'd like you to explain
    why the Senate's RFID scanner indicates that you walked in here with a
    cheese grater, a copy of the latest Harry Potter video, a forklift, and
    the latest issue of 'Motorcycle Babes' on your person."
    
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Tue May 04 2004 - 22:45:36 PDT